10 matches found
EUVD-2025-4815
Malicious code in bioql PyPI...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
CVE-2024-13316
CVE-2024-13316 affects the Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress. The issue is an unauthorized access vulnerability caused by a missing capability check in the apmswn_create_discount() function, present in...
CVE-2024-13316 Scratch & Win – Giveaways and Contests <= 2.8.0 - Missing Authorization to Unauthenticated Coupon Creation
The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the apmswncreatediscount function in all versions up to, and including, 2.8.0. This makes...
PT-2025-1777 · WordPress · The Coupon X: Discount Pop Up
Name of the Vulnerable Software and Affected Versions: The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress versions up to, and including, 1.3.5 Description: The issue is related to missing capability checks on several functions in the...
CVE-2022-47130
A Cross-Site Request Forgery CSRF in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page...
CVE-2022-47130
CVE-2022-47130 concerns a CSRF vulnerability in the Academy LMS prior to version 5.10 . The issue: an attacker with administrative privileges can trigger a request via a crafted CSRF page, allowing arbitrary creation of discount coupons. Affected component is the web application’s coupon/discount...